NSA: China is Exploiting These Vulnerabilities. Patch Now.
The US National Security Agency (NSA) has published a cybersecurity advisory listing 25 vulnerabilities that Chinese state-sponsored hackers are most frequently exploiting to gain access to computer networks of interest that hold sensitive intellectual property, economic, political, and military information. All 25 flaws are known and have fixes available.
This report shows how nation-state actors are using the same flaws everybody else is abusing to compromise networks. The list is led by flaws in perimeter security devices. These flaws have been heavily abused by ransomware gangs, crypto coin miners, and essentially anybody interested in breaching a corporate network. This is a good reminder to review your vulnerability scans. If you find any of these 25 flaws included, assume that it has already been exploited, even if you are not the target of Chinese nation-state attackers.
While it is interesting to note that the list includes vulnerabilities from 2015 and 2018, don't look to the specific vulnerabilities exploited; look to the general cyber hygiene recommendations: regularly patch and verify the security of products, replace old or obsolete products, use internal trusted or isolated management networks, block deprecated services at the perimeter, and enable logging, alerting, and monitoring. Remember to validate systems for signs of compromise during the interval prior to update, and address any issues discovered.
Read more in
Threatpost: Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
ZDNet: NSA publishes list of top vulnerabilities currently targeted by Chinese hackers
Duo: Enterprises Should Fix These 25 Flaws
SC Magazine: NSA releases list of 25 vulnerabilities targeted by China
Defense: Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities (PDF)